Skip to content

fix: jose2go vulnerability GO-2025-4123#180

Merged
MissingNO57 merged 1 commit intomerge/v0.53.4_to_v0.19.4from
fix/jose2go-vulnerability-GO-2025-4123
Nov 18, 2025
Merged

fix: jose2go vulnerability GO-2025-4123#180
MissingNO57 merged 1 commit intomerge/v0.53.4_to_v0.19.4from
fix/jose2go-vulnerability-GO-2025-4123

Conversation

@MissingNO57
Copy link
Collaborator

@MissingNO57 MissingNO57 commented Nov 18, 2025

Preemptive fix for the jose2go vulnerability GO-2025-4123.

Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token high compression ratio in >github.com/dvsekhvalnov/jose2go

For detailed information about this vulnerability, visit GHSA-9mj6-hxhv-w67j.

@MissingNO57 MissingNO57 changed the title Fix: jose2go vulnerability GO-2025-4123 fix: jose2go vulnerability GO-2025-4123 Nov 18, 2025
pbukva
pbukva approved these changes Nov 18, 2025
View reviewed changes
Copy link
Contributor

@pbukva pbukva left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@MissingNO57 MissingNO57 merged commit f981127 into merge/v0.53.4_to_v0.19.4 Nov 18, 2025
39 of 40 checks passed
@MissingNO57 MissingNO57 deleted the fix/jose2go-vulnerability-GO-2025-4123 branch November 18, 2025 18:18
@pbukva pbukva restored the fix/jose2go-vulnerability-GO-2025-4123 branch November 18, 2025 18:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pbukva pbukva pbukva approved these changes

Assignees

No one assigned

Labels

C:CLI C:Confix C:Simulations C:x/circuit C:x/evidence C:x/feegrant C:x/nft C:x/upgrade

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@MissingNO57 @pbukva

Comments